Isomics Privacy Shield Policy
European Union Policy Effective August 18, 2016
Switzerland Policy Effective May 6, 2017
At Isomics, Inc. (“Isomics”), we recognize the importance of information protection and data security. As such, Isomics complies with the European Union ‑ United States Privacy Shield Framework and the Swiss – United States Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. Isomics has certified to the U.S. Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield Program and to view our certification, please visit https://www.privacyshield.gov
Scope. This Policy governs personal information transferred from countries in the European Union and Switzerland to the United States on behalf of Isomics.
Definitions. “Personal Data” is any information that can be used to identify an individual, is received from the European Union or Switzerland, and is recorded in any form. Personal Data includes Sensitive Data. “Sensitive Data” from the European Union is Personal Data that specifies medical or health conditions, personal sexuality or information specifying sex life, racial or ethnic origin, political opinions, religious, philosophical, ideological or trade union‑related views or activities, or information on social security measures or administrative or criminal proceedings and sanctions, which are treated outside pending proceedings. “Sensitive Data” from Switzerland is Personal Data that specifies medical or health conditions, personal sexuality or information specifying sex life, racial or ethnic origin, political opinions, religious, philosophical, ideological or trade union‑related views, or activities, or information on social security measures or administrative or criminal proceedings and sanctions, which are treated outside pending proceedings.
Data Collected and Use. Isomics provides specialized services to academic and business clients in the fields of software development, image analysis, and technical management with applications in medical research, product development, and manufacturing. Isomics' customers decide what data to submit and define how it should be processed. Isomics takes care to ensure that the data collected and processed on behalf of customers is handled in a manner consistent with this Privacy Shield Framework and other applicable policies and regulations. While the data varies based on the needs of the customer, data often includes medical image data, demographics, and health records for patients or volunteers. In most cases, Isomics has no way to identify the data as belonging to any particular individual.
Third Parties who may receive personal data. Isomics uses a limited number of third-party service providers to assist us in providing our services to customers. These third‑party providers offer clinical data and image analysis and other technical operations, assist with the transmission of data, and provide computation and data storage services. These third parties may access, process, or store personal data in the course of providing their services. Isomics maintains contracts with these third parties restricting their access, use, and disclosure of personal data in compliance with our Privacy Shield obligations, and Isomics may be liable if they fail to meet those obligations and we are responsible for the event giving rise to the damage.
Notice. Isomics is committed to treating all personal data received from the European Union or Switzerland in compliance with the Privacy Shield Framework. Where Isomics collects Personal Data directly from individuals, we inform those individuals in clear and conspicuous language about the purposes for which we collect and use the information, how to contact Isomics with any inquiries or complaints, the types of third parties to which we disclose the information, and the choices and means Isomics offers individuals for limiting the use and disclosure. We provide this notice when individuals are first asked to provide Personal Data to Isomics or as soon thereafter as is practicable, but in any event before Isomics uses such information for a purpose other than that for which it was originally collected or discloses it for the first time to a third party.
Choices for access and limitations on use and disclosure. Isomics is not a direct marketing firm and we do not use, sell, or transfer any Personal Data for direct marketing purposes. We recognize that European Union or Switzerland individuals have rights to access personal data about them and to limit use and disclosure of their personal data. With our Privacy Shield certification, Isomics has committed to respecting those rights. If you wish to request access, limit use, or limit disclosure of Personal Data, please contact Isomics directly and we will take action accordingly. Note that in most cases, Isomics has no way to identify the data as belonging to any particular individual. Thus, please provide the name of the customer that submitted your data to our services and we will refer your request to that customer and will support them as needed in responding to your request. You may contact Isomics if you have any questions about use or disclosure of your Personal Data.
Compelled Disclosure. Isomics may be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Enforcement. Isomics use of Personal Data is subject to the investigatory and enforcement powers of the Federal Trade Commission. Isomics has established internal mechanisms to verify ongoing adherence to its Policy. Employees found to be in violation of this Policy will be subject to disciplinary action.
Complaints. In compliance with the Privacy Shield Principles, Isomics commits to resolve complaints about our collection or use of your personal information. Individuals in the European Union and Switzerland with inquiries or complaints regarding our Privacy Shield policy should contact first Isomics, Inc., at privacy@isomics.com. For complaints from the European Union, the independent dispute resolution body designated to address complaints and provide appropriate recourse free of charge to the individual chosen by Isomics is the panel established by the data protection authorities (“DPAs”). Isomics commits to cooperating with data protection authorities (“DPAs”) as outlined by the Privacy Shield Framework. Specifically, Isomics commits to cooperating with the DPAs in the investigation and resolution of complaints brought under the Privacy Shield Framework and will comply with any advice given by the DPAs where the DPAs take the view that Isomics needs to take specific action to comply with the Privacy Shield Principles, including remedial or compensatory measures for the benefit of individuals affected by any noncompliance with such Principles, and will provide the DPAs with written confirmation that such action has been taken. Further, under certain conditions, an individual may invoke binding arbitration pursuant to Annex 1 of the Privacy Shield Framework. For complaints from Switzerland, the independent dispute resolution body designated to address complaints and provide appropriate recourse free of charge to the individual chosen by Isomics is the panel established by the Swiss Federal Data Protection and Information Commissioner (“SFDPIC”). Isomics commits to cooperating with SFDPIC as outlined by the Privacy Shield Framework. Specifically, Isomics commits to cooperating with SFDPIC in the investigation and resolution of complaints brought under the Privacy Shield Framework and will comply with any advice given by SFDPIC where SFDPIC takes the view that Isomics needs to take specific action to comply with the Privacy Shield Principles, including remedial or compensatory measures for the benefit of individuals affected by any noncompliance with such Principles, and will provide SFDPIC with written confirmation that such action has been taken. Further, under certain conditions, an individual may invoke binding arbitration pursuant to Annex 1 of the Privacy Shield Framework.
Contact Information
Privacy Officer
Isomics, Inc.
55 Kirkland Street
Cambridge, MA 02138
privacy@isomics.com